aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/CHANGELOG.md
diff options
context:
space:
mode:
Diffstat (limited to 'actionview/CHANGELOG.md')
-rw-r--r--actionview/CHANGELOG.md11
1 files changed, 10 insertions, 1 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index d07794ddf3..6717004ceb 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,6 +1,15 @@
## Rails 6.0.0.beta3 (March 11, 2019) ##
-* No changes.
+* Only accept formats from registered mime types
+
+ A lack of filtering on mime types could allow an a attacker to read
+ arbitrary files on the target server or to perform a denial of service
+ attack.
+
+ Fixes CVE-2019-5418
+ Fixes CVE-2019-5419
+
+ *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
## Rails 6.0.0.beta2 (February 25, 2019) ##
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 08:02:35 +0000